Fresh Prints of Mal-ware: 0x1,0x2,0x3s of IOC

Presented as a webinar on August 26, 2010.

MANDIANT’s Nick Harbour, Principal Consultant at MANDIANT and David Ross, Technical Director at MANDIANT discuss the full potential of using Indicators of Compromise (IOC) effectively. In addition, they demonstrate how to utilize the IOCEditor to help organize and edit IOCs.

You will learn:

• How to build OpenIOC using IOCe
  • Using the various features of the editor to create comprehensive IOCs

• Inside OpenIOC

  • An explanation of various key elements in the OpenIOC schema

• Writing XSLT transforms to extract lists of Indicators

• Extending the Indicator Terms

  • What it means to add terms
  • What you can and can’t do

• Extended features not exposed in IOCe

  • Using embedded UUIDs to link Indicators to external knowledge bases
  • Leveraging Indicator parameters to expand Indicators

In the webinar, we referred to several resources:

• MANDIANT Intelligent Response is the industry’s first enterprise-grade incident response solution. It makes incident responders faster, less disruptive and less expensive — and makes your investigations more comprehensive and accurate.
• Our blog, M-unition, contains information from our consulting and research operations. We welcome feedback and comment.
• Follow us on Twitter, www.twitter.com/mandiant, and keep up to date on our consultants take on what’s going on in the industry.
• We offer a number of free tools for incident responders and malware analysts in the Software section of our website.

About the speakers

David Ross is a Technical Director within the Threat Management Services at MANDIANT.  He has over 12 years of experience in a variety of high-end technical fields, ranging from satellite communications systems and network administration to computer forensics and software development. Mr. Ross holds a current Top Secret government security clearance.

Nick Harbour is a Principal Consultant with MANDIANT and is a well-known innovator in the field of computer security with over nine years experience in reverse engineering, computer forensics, network monitoring and software development. He is a recognized expert in the field of malware and currently focuses on malware analysis and research at MANDIANT.  Mr. Harbour is one of the authors of the malware detection tool MANDIANT Red Curtain.